mysql_real_escape_string() question

[robert_gsfame]

I am new to mysql_real_escape_string() but i wish  to use this as it might help preventing me from sql_injection attack.

 

If let say users insert this record      myname"james" then i will have it in my database

like this      myname\"james\" and when i retrieve it from my database i will get the same either..

 

What should i do?? do i need anything else besides mysql_real_escape_string() ??

[Catfish]

if there's slashes you want to remove from a string use stripslashes() - http://au.php.net/manual/en/function.stripslashes.php

[robert_gsfame]

do i have to put this when retrieving the record??

[laffin]

on any record that uses mysql_real_escape_string, yes.

[robert_gsfame]

but let say i have this inside my database    myname"\james\" and i use stripslashes() to retrieve the data into my textbox then it goes like this    myname

Is it correct if i use htmlspecialchars() or htmlentities for this